Revert "To read the Group UUID, the Caller must also have the US..."

Revert "To read the Group UUID, the Caller must also have the US..." Revert submission 17956544-group_uuid Reason for revert: Bug: 235395006 Reverted Changes: Iaa5493679:To read the Group UUID, the Caller must also have ... Ic635126db:To read the Group UUID, the Caller must also have ... Ia134265c2:To read the Group UUID, the Caller must also have ... Change-Id: Ie80e7d8e04d2008fa4e97f997ab2050d31367895
author: Hyosun Kim <hyosunkim@google.com> 2022-06-09 00:19:33 +0000
committer: Hyosun Kim <hyosunkim@google.com> 2022-06-09 00:19:33 +0000
commit: 43f1ed290eeb193a1ab9178ab6a1b624cab54333 (patch)
tree: 533592e9e26d67071c0086b4f87bd0de8f223c77
parent: 9811e9a16e4c0be4c88023f4e322a5d0d372ffb5 (diff)
download: telephony-43f1ed290eeb193a1ab9178ab6a1b624cab54333.tar.gz
2 files changed, 24 insertions, 131 deletions
diff --git a/src/java/com/android/internal/telephony/SubscriptionController.java b/src/java/com/android/internal/telephony/SubscriptionController.java
index e25cbce82c..0110f60bc2 100644
--- a/src/java/com/android/internal/telephony/SubscriptionController.java
+++ b/src/java/com/android/internal/telephony/SubscriptionController.java
@@ -28,9 +28,6 @@ import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.AppOpsManager;
 import android.app.PendingIntent;
-import android.app.compat.CompatChanges;
-import android.compat.annotation.ChangeId;
-import android.compat.annotation.EnabledSince;
 import android.compat.annotation.UnsupportedAppUsage;
 import android.content.ContentResolver;
 import android.content.ContentValues;
@@ -170,15 +167,6 @@ public class SubscriptionController extends ISub.Stub {
     // Allows test mocks to avoid SELinux failures on invalidate calls.
     private static boolean sCachingEnabled = true;
 
-    /**
-     * Apps targeting on Android T and beyond will get exception if there is no
-     * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} permission
-     * when calling SubscriptionManager#getSubscriptionsInGroup.
-     */
-    @ChangeId
-    @EnabledSince(targetSdkVersion = Build.VERSION_CODES.TIRAMISU)
-    public static final long REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID = 213902861L;
-
     // Each slot can have multiple subs.
     private static class WatchedSlotIndexToSubIds {
         private Map<Integer, ArrayList<Integer>> mSlotIndexToSubIds = new ConcurrentHashMap<>();
@@ -473,11 +461,10 @@ public class SubscriptionController extends ISub.Stub {
     /**
      * Returns whether the {@code callingPackage} has access to subscriber identifiers on the
      * specified {@code subId} using the provided {@code message} in any resulting
-     * SecurityException. {@code throwException} flag to indicate if throw exception.
+     * SecurityException.
      */
     private boolean hasSubscriberIdentifierAccess(int subId, String callingPackage,
-            String callingFeatureId, String message, boolean reportFailure,
-            boolean throwException) {
+            String callingFeatureId, String message, boolean reportFailure) {
         try {
             return TelephonyPermissions.checkCallingOrSelfReadSubscriberIdentifiers(mContext, subId,
                     callingPackage, callingFeatureId, message, reportFailure);
@@ -485,9 +472,6 @@ public class SubscriptionController extends ISub.Stub {
             // A SecurityException indicates that the calling package is targeting at least the
             // minimum level that enforces identifier access restrictions and the new access
             // requirements are not met.
-            if (throwException) {
-                throw e;
-            }
             return false;
         }
     }
@@ -3965,21 +3949,10 @@ public class SubscriptionController extends ISub.Stub {
      * Get subscriptionInfo list of subscriptions that are in the same group of given subId.
      * See {@link #createSubscriptionGroup(int[], String)} for more details.
      *
-     * Caller must have {@link android.Manifest.permission#READ_PHONE_STATE}
-     * or carrier privilege permission on the subscription.
+     * Caller will either have {@link android.Manifest.permission#READ_PHONE_STATE}
+     * permission or had carrier privilege permission on the subscription.
      * {@link TelephonyManager#hasCarrierPrivileges(int)}
      *
-     * <p>Starting with API level 33, the caller needs the additional permission
-     * {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER}
-     * to get the list of subscriptions associated with a group UUID.
-     * This method can be invoked if one of the following requirements is met:
-     * <ul>
-     *     <li>If the app has carrier privilege permission.
-     *     {@link TelephonyManager#hasCarrierPrivileges()}
-     *     <li>If the app has {@link android.Manifest.permission#READ_PHONE_STATE} and
-     *     {@link Manifest.permission#USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER} permission.
-     * </ul>
-     *
      * @throws SecurityException if the caller doesn't meet the requirements
      *             outlined above.
      *
@@ -4007,29 +3980,15 @@ public class SubscriptionController extends ISub.Stub {
         }
 
         return subInfoList.stream().filter(info -> {
-            int subId = info.getSubscriptionId();
-            boolean permission = checkPermissionForGroupUuid(subId, callingPackage,
-                    callingFeatureId, Binder.getCallingUid());
             if (!groupUuid.equals(info.getGroupUuid())) return false;
-            return permission || info.canManageSubscription(mContext, callingPackage);
+            int subId = info.getSubscriptionId();
+            return TelephonyPermissions.checkCallingOrSelfReadPhoneState(mContext, subId,
+                    callingPackage, callingFeatureId, "getSubscriptionsInGroup")
+                    || info.canManageSubscription(mContext, callingPackage);
         }).map(subscriptionInfo -> conditionallyRemoveIdentifiers(subscriptionInfo,
                 callingPackage, callingFeatureId, "getSubscriptionsInGroup"))
         .collect(Collectors.toList());
-    }
 
-    private boolean checkPermissionForGroupUuid(int subId, String callingPackage,
-            String callingFeatureId, int uid) {
-        if (!TelephonyPermissions.checkCallingOrSelfReadPhoneState(mContext, subId,
-                callingPackage, callingFeatureId, "getSubscriptionsInGroup")) {
-            return false;
-        }
-
-        if (CompatChanges.isChangeEnabled(
-                REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID, uid)) {
-            return hasSubscriberIdentifierAccess(subId, callingPackage,
-                    callingFeatureId, "getSubscriptionsInGroup", true, true);
-        }
-        return true;
     }
 
     /**
@@ -4343,7 +4302,7 @@ public class SubscriptionController extends ISub.Stub {
             if (canReadPhoneState) {
                 canReadIdentifiers = hasSubscriberIdentifierAccess(
                         SubscriptionManager.INVALID_SUBSCRIPTION_ID, callingPackage,
-                        callingFeatureId, "getSubscriptionInfoList", false, false);
+                        callingFeatureId, "getSubscriptionInfoList", false);
                 canReadPhoneNumber = hasPhoneNumberAccess(
                         SubscriptionManager.INVALID_SUBSCRIPTION_ID, callingPackage,
                         callingFeatureId, "getSubscriptionInfoList");
@@ -4395,7 +4354,7 @@ public class SubscriptionController extends ISub.Stub {
         SubscriptionInfo result = subInfo;
         int subId = subInfo.getSubscriptionId();
         boolean hasIdentifierAccess = hasSubscriberIdentifierAccess(subId, callingPackage,
-                callingFeatureId, message, true, false);
+                callingFeatureId, message, true);
         boolean hasPhoneNumberAccess = hasPhoneNumberAccess(subId, callingPackage, callingFeatureId,
                 message);
         return conditionallyRemoveIdentifiers(subInfo, hasIdentifierAccess, hasPhoneNumberAccess);
diff --git a/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java b/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java
index 5058aa0487..5ac0b9b652 100644
--- a/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java
+++ b/tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java
@@ -17,7 +17,6 @@ package com.android.internal.telephony;
 
 import static android.telephony.TelephonyManager.SET_OPPORTUNISTIC_SUB_REMOTE_SERVICE_EXCEPTION;
 
-import static com.android.internal.telephony.SubscriptionController.REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID;
 import static com.android.internal.telephony.uicc.IccCardStatus.CardState.CARDSTATE_PRESENT;
 
 import static org.junit.Assert.assertEquals;
@@ -34,9 +33,7 @@ import static org.mockito.ArgumentMatchers.anyInt;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.atLeast;
-import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.doReturn;
-import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
@@ -44,7 +41,6 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import android.Manifest;
-import android.compat.testing.PlatformCompatChangeRule;
 import android.content.ContentResolver;
 import android.content.ContentValues;
 import android.content.Intent;
@@ -72,14 +68,9 @@ import com.android.internal.telephony.uicc.IccCardStatus;
 import com.android.internal.telephony.uicc.UiccController;
 import com.android.internal.telephony.uicc.UiccSlot;
 
-import libcore.junit.util.compat.CoreCompatChangeRule.DisableCompatChanges;
-import libcore.junit.util.compat.CoreCompatChangeRule.EnableCompatChanges;
-
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Rule;
 import org.junit.Test;
-import org.junit.rules.TestRule;
 import org.mockito.ArgumentCaptor;
 
 import java.util.ArrayList;
@@ -117,9 +108,6 @@ public class SubscriptionControllerTest extends TelephonyTest {
     private static final String DISPLAY_NUMBER = "123456";
     private static final String DISPLAY_NAME = "testing_display_name";
 
-    @Rule
-    public TestRule mCompatChangeRule = new PlatformCompatChangeRule();
-
     @Before
     public void setUp() throws Exception {
         super.setUp(getClass().getSimpleName());
@@ -1080,7 +1068,6 @@ public class SubscriptionControllerTest extends TelephonyTest {
 
     @Test
     @SmallTest
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
     public void testAddSubscriptionIntoGroupWithCarrierPrivilegePermission() throws Exception {
         testInsertSim();
         // Adding a second profile and mark as embedded.
@@ -1132,7 +1119,6 @@ public class SubscriptionControllerTest extends TelephonyTest {
 
     @Test
     @SmallTest
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
     public void testUpdateSubscriptionGroupWithCarrierPrivilegePermission() throws Exception {
         testInsertSim();
         // Adding a second profile and mark as embedded.
@@ -1254,7 +1240,6 @@ public class SubscriptionControllerTest extends TelephonyTest {
 
     @Test
     @SmallTest
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
     public void testSetSubscriptionGroup() throws Exception {
         testInsertSim();
         // Adding a second profile and mark as embedded.
@@ -1689,81 +1674,42 @@ public class SubscriptionControllerTest extends TelephonyTest {
     }
 
     @Test
-    @DisableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
-    public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception {
-        // For backward compatibility test
-        ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest();
-        setupReadPhoneNumbersTest();
-        setIdentifierAccess(false);
-
-        List<SubscriptionInfo> subInfoList = mSubscriptionControllerUT.getSubscriptionsInGroup(
-                groupUuid, mCallingPackage, mCallingFeature);
-
-        assertTrue(subInfoList.size() > 0);
-        for (SubscriptionInfo info : subInfoList) {
-            assertEquals(UNAVAILABLE_ICCID, info.getIccId());
-            assertEquals(UNAVAILABLE_ICCID, info.getCardString());
-            assertEquals(UNAVAILABLE_NUMBER, info.getNumber());
-        }
-    }
-
-    @Test
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
-    public void testGetSubscriptionsInGroupWithoutAppropriatePermission() throws Exception {
+    public void testGetSubscriptionsInGroupWithNoPermission() throws Exception {
+        // If the calling package does not have the READ_PHONE_STATE permission or carrier
+        // privileges then getSubscriptionsInGroup should throw a SecurityException when the
+        // READ_PHONE_STATE permission check is performed.
         ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest();
+        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);
 
-        // no permission
-        setNoPermission();
         try {
             mSubscriptionControllerUT.getSubscriptionsInGroup(groupUuid, mCallingPackage,
                     mCallingFeature);
             fail("getSubscriptionsInGroup should fail when invoked with no permissions");
         } catch (SecurityException expected) {
         }
-
-        // only has the USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permission
-        setIdentifierAccess(true);
-        try {
-            mSubscriptionControllerUT.getSubscriptionsInGroup(groupUuid, mCallingPackage,
-                    mCallingFeature);
-            fail("getSubscriptionsInGroup should fail when invoked with no"
-                    + "READ_PHONE_STATE permissions");
-        } catch (SecurityException expected) {
-        }
-
-        // only has the READ_PHONE_STATE permission
-        setIdentifierAccess(false);
-        setReadPhoneState();
-        try {
-            mSubscriptionControllerUT.getSubscriptionsInGroup(groupUuid, mCallingPackage,
-                    mCallingFeature);
-            fail("getSubscriptionsInGroup should fail when invoked with no "
-                    + "USE_ICC_AUTH_WITH_DEVICE_IDENTIFIER permissions");
-        } catch (SecurityException expected) {
-        }
     }
 
     @Test
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
-    public void testGetSubscriptionsInGroupWithReadDeviceIdentifier() throws Exception {
+    public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception {
+        // If the calling package only has the READ_PHONE_STATE permission then
+        // getSubscriptionsInGroup should still return the list of SubscriptionInfo objects
+        // but the ICC ID should not be available via getIccId or getCardString.
         ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest();
-        setNoPermission();
-        setCarrierPrivileges(false);
-        setIdentifierAccess(true);
-        setReadPhoneState();
+        setupReadPhoneNumbersTest();
+        setIdentifierAccess(false);
 
         List<SubscriptionInfo> subInfoList = mSubscriptionControllerUT.getSubscriptionsInGroup(
                 groupUuid, mCallingPackage, mCallingFeature);
 
         assertTrue(subInfoList.size() > 0);
         for (SubscriptionInfo info : subInfoList) {
-            assertTrue(info.getIccId().length() > 0);
-            assertTrue(info.getCardString().length() > 0);
+            assertEquals(UNAVAILABLE_ICCID, info.getIccId());
+            assertEquals(UNAVAILABLE_ICCID, info.getCardString());
+            assertEquals(UNAVAILABLE_NUMBER, info.getNumber());
         }
     }
 
     @Test
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
     public void testGetSubscriptionInGroupWithPhoneNumberAccess() throws Exception {
         // If the calling package meets any of the requirements for the
         // LegacyPermissionManager#checkPhoneNumberAccess test then the number should be available
@@ -1781,7 +1727,6 @@ public class SubscriptionControllerTest extends TelephonyTest {
     }
 
     @Test
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
     public void testGetSubscriptionsInGroupWithCarrierPrivileges() throws Exception {
         // If the calling package has the READ_PRIVILEGED_PHONE_STATE permission or carrier
         // privileges the ICC ID should be available in the SubscriptionInfo objects in the List.
@@ -1799,7 +1744,6 @@ public class SubscriptionControllerTest extends TelephonyTest {
     }
 
     @Test
-    @EnableCompatChanges({REQUIRE_ICC_AUTH_DEVICE_IDENTIFIERS_FOR_GROUP_UUID})
     public void testGetSubscriptionsInGroupWithPrivilegedPermission() throws Exception {
         // If the calling package has the READ_PRIVILEGED_PHONE_STATE permission or carrier
         // privileges the ICC ID should be available in the SubscriptionInfo objects in the List.
@@ -2079,14 +2023,4 @@ public class SubscriptionControllerTest extends TelephonyTest {
         assertTrue(mSubscriptionControllerUT.checkPhoneIdAndIccIdMatch(0, "test2"));
         assertFalse(mSubscriptionControllerUT.checkPhoneIdAndIccIdMatch(0, "test3"));
     }
-
-    private void setNoPermission() {
-        doThrow(new SecurityException()).when(mContext)
-                .enforcePermission(anyString(), anyInt(), anyInt(), anyString());
-    }
-
-    private void setReadPhoneState() {
-        doNothing().when(mContext).enforcePermission(
-                eq(android.Manifest.permission.READ_PHONE_STATE), anyInt(), anyInt(), anyString());
-    }
 }
author	Hyosun Kim <hyosunkim@google.com>	2022-06-09 00:19:33 +0000
committer	Hyosun Kim <hyosunkim@google.com>	2022-06-09 00:19:33 +0000
commit	43f1ed290eeb193a1ab9178ab6a1b624cab54333 (patch)
tree	533592e9e26d67071c0086b4f87bd0de8f223c77
parent	9811e9a16e4c0be4c88023f4e322a5d0d372ffb5 (diff)
download	telephony-43f1ed290eeb193a1ab9178ab6a1b624cab54333.tar.gz